According to a recent W3Techs survey [1], Debian has just surpassed CentOS to
become the most popular GNU/Linux distribution on web servers. The survey is
based on the analysis of the top million web sites according to Alexa, in order
to select a representative sample of established sites, and focused only on the
technologies used for web sites (and not individual web pages or desktop
installations). In fact, at the beginning of 2012, Debian was used by 29.4% of
all Linux-based sites (and by 9.7% of all web sites), while CentOS was used by
29.1% of all Linux-based sites (and by 9.5% of all web sites). Debian "is also
the fastest growing operating system at the moment: every day 54 of the top 1
million sites switch to Debian" , said Matthias Gelbmann in the article. With
regard to the geographical distribution of web sites using Debian, the most are
in Europe (with 39.7% of all sites in Germany, 36.1% in Poland, 33.6% in France
and 26.4% in Russia).

Thomas Goirand recently proposed to relax or even remove some dependencies [2]
of web applications on a web server package. This would help users wanting to
install such web applications in chroots, while the web server is installed
only outside the chroot. During the following discussion, several solutions
were proposed, such as providing a dummy web server package in Debian. It was
pointed out that such dummy packages are actually very easy to create with the
equivs [3] package, which deserves to be better known.

Christian Perrier blogged about the recent revival of the aptitude package
manager [4]. As the main maintainer had less time to dedicate to it, the number
of bugs against aptitude was continually growing and reached more than 800. But
last November, Daniel Harwig and Manuel A. Fernandez Montecelo started working
on it, triaging bugs and preparing a possible new version. If you want to help
them, join the aptitude-devel [5] mailing list on Alioth.

Stefano Zacchiroli blogged about how donations to Debian are used by the
project [6]. First of all, Stefano explained how money is used in the Debian
Project: to buy hardware and hardware-related services for Debian
infrastructure, to sponsor contributor sprints, or to support travel expenses
in order to allow Debian Developers to represent Debian at conferences and
meetings. Then, Stefano noted that almost all donations to Debian come from
private citizens and not from big corporate sponsors: corporates mostly sponsor
DebConf (the Debian annual conference). At the end, Stefano pointed out that
it's possible to check how Debian spends donated money: by reading the minutes
of SPI monthly meetings [7] or the list of sprints [8], visiting the DPL wiki
page [9] and consulting the DebConf reports [10]. Stefano also added that over
the next month he will be working to further improve the transparency of
Debian's budget.

On the subject of Debian's usage of money, Yves-Alexis Perez proposed to
advocate hardware sponsoring [11]. Since asking for money for oneself is not
always the first reflex, he proposed to turn the offer the other way around: if
you believe that a Debian Developer could use some money for hardware purposes,
you should raise your voice and propose it yourself, in case the developer was
too shy to ask, for example.

Steve McIntyre blogged about the status of the armhf port in Debian [12]. Since
mid-2011, he has been working on armhf as a new architecture in "debian-ports"
; then in December it was imported into the main Debian archive. The current
state of auto-building can be viewed at thearmhf buildd status page [13].

Ben Hutchings wrote an interesting report on a security issue in Linux [14]
found by himself while working on bug #654876 [15]. As his laptop running Linux
3.0 or 3.1 crashed repeatedly, Simon McVittie — the bug submitter —
thought it could be a driver bug. But, analysing the log of the crash, Ben
noted that "a packet received through the wireless interface was being
processed by IGMP, which then divided by zero." IGMP packets are used to
support multicast routers: as Ben explained, "every multicast address
corresponds to a dynamic set of hosts, called a multicast group" . In order to
know which hosts belong to which groups, the router sends packets and the
computer replies at intervals. There are three different versions of the IGMP
protocol used to define the Maximum Response Time (MRT) of the computer. Ben
found that the crash was caused by a division by 0 of packets with an MRT of 0.
The patch is included in Linux 3.0.17, 3.1.9, 3.2.1, and the Debian packaged
version 3.1.8-2. Well done, Ben!

Gerfried Fuchs wrote an interesting article about a Release Critical
bug-squashing effort for Stable [17]. Stable RC bugs are often not noted, as
people usually concentrate on Unstable RC bugs, but - as Gerfried noted - "it
is one of our supported releases and thus should receive quite some attention,
at least by the corresponding package maintainers themself."

You can find more information about Debian-related events and talks on the
events section [22] of the Debian web site, or subscribe to one of our events
mailing lists for different regions: Europe [23], Netherlands [24], Hispanic
America [25], North America [26].

Do you want to organise a Debian booth or a Debian install party? Are you aware
of other upcoming Debian-related events? Have you delivered a Debian talk that
you want to link to on our talks page [27]? Send an email to the Debian Events
Team [28].

According to the Bugs Search interface of the Ultimate Debian Database
[32], the upcoming release,
Debian 7.0 "Wheezy" , is currently affected by 736 Release-Critical
bugs. Ignoring bugs which are easily solved or on the way to being solved,
roughly speaking, about 495 Release-Critical bugs remain to be solved for the
release to happen.

In his last report on Debian Installer localisation [35], Christian Perrier
noted that twenty-two languages are currently up to date for D-I's core files;
ten (Czech, German, Spanish, French, Italian, Kazakh, Dutch, Portuguese,
Russian and Slovak) are 100% complete for the moment.

Please note that these are a selection of the more important security
advisories of the last weeks. If you need to be kept up to date about security
advisories released by the Debian Security Team, please subscribe to the
security mailing list [45] (and the separate backports list [46], and stable
updates list [47] or volatile list [48], for "Lenny" , the oldstable
distribution) for announcements.

Please help us create this newsletter. We still need more volunteer writers to
watch the Debian community and report about what is going on. Please see the
contributing page [65] to find out how to help. We're looking forward to
receiving your mail at debian-publicity@lists.debian.org [66].